Can we use some of this Risky Social Behaviors post to aid us in finding an adequate definition for secure multi-tenancy? Perhaps more to the point it can define how we look at multi-tenancy today. On a recent VMware Communities podcast we were told two things that seem contradictory to current security thinking. The first is that going to the cloud reduces your risk, and the second was that the definition of the cloud must include multi-tenancy.
The security companies are looking into all aspects of virtual environment introspection to label, tag, or mark all objects for compliance reasons, inspect the contents of virtual machines for asset management (CMDB), and an early form of Root Kit detection.
Virtualization Security is not just about the firewall, it is about the entire ecosystem, auditing, compliance, and object management.
While doing a quick Google search to find what a Cloud is, I have found several different definitions which depend on which vendor site you pull up. One thing is for sure despite the frequent use of the term, it still means different things to different people and or companies. For my reference point I am going to use the National Institute of Standards and Technology definition referenced by Texiwill’s NIST Cloud Computing Definitions Final article.
• • 0 Comments
During the Virtualization Security Podcast on 5/13, IBM’s David Abercrombie joined us to discuss IBM’s Virtualization Security Protection for VMware (VSP) which contains several exciting uses of the VMsafe API for VMware vSphere. These being:
* Network: Network Monitoring, Firewall, Access Control, and a Protocol Analysis Module
* Memory: Rootkit Detection
The panel of the Virtualization Security Podcast on 5/27/2010 was joined by an attorney specializing in the Internet space. David Snead spoke at InfoSec and made it clear that there was more to secure multi-tenancy than one would imagine. The first question was “how would you define tenant?” which I believe is core to the discussion of SMT as without definitions we have no method of communicating. Before we get to David’s response, we should realize that nearly every one has their own definition of Tenant for a multi-tenant solution.
• • 0 Comments
When working with VMware ESX there are some tips that I can share that can help you manage your environment. This tips are not anything really new or exciting but rather a reinforcement of some best practices to live by in order to improve auditing for compliance and troubleshooting. Use of the following in conjunction with remote logging functionality will improve your compliance stance and improve your ability to troubleshoot over a period of time.
How you may ask? By using a tool that logs all local administrator actions to a remote logging host. There are two ways to do this today for ESX (SUDO and the HyTrust Appliance) and only one mechanism for ESXi and vCenter (the HyTrust Appliance).
PhD Virtual has gained its second round of funding with investment from Citrix amongst others as discussed within our post News: esXpress is no more but what does this mean for XenServer? Up until this point it looked like Citrix was out of the server hypervisor wars and backing Microsoft’s Hyper-V play. Yet this looks on the surface like a basic shift to that direction. Yes, XenServer was placed into the OpenSource community and the latest improvements, such as the Open VSwitch integration and a new releases emphatically say that XenServer is alive and well and that its ecosystem is growing for that matter so is Hyper-V’s.
, • • 0 Comments
Java based applications can now be moved between not only a SpringSource TC-Server Java platform on VMware vSphere, but also between the same platform on VMForce, and now Google AppEngine. This level of support from VMware, Salesforce.com, and now Google is starting to make SpringSource look like the early leading technology for PaaS Clouds. This is a significant advance in the state of PaaS clouds as there were previously no examples that offered such broad support for one platform by such a diverse set of industry leaders. However as is always the case, platform advances have outstripped security, management and performance assurance capabilities.
Due to what I stated during GestaltIT’s TechFieldDay, I was invited with Bas Raayman and others to discuss Secure Multi-Tenancy (SMT) in more detail with Chuck Hollis at EMC World. In addition, during one of the Keynotes SMT was renamed from Secure Multi-Tenancy to Simple Multi-Tenancy. The current Cisco VMware Netapp solution is plainly not secure. During the TechFieldDay at Cisco, Cisco even claimed “we did not think about security” when designing the initial solution. Cisco is worried about Quality of Service, I.E. Bandwidth through out the system to the disk. Furthermore, their definition of ‘Tenant’ was quite a bit different than my own. So we should first start off by defining Tenant.